DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Invalid

low level call

Summary

low level call

Vulnerability Details

The issue lies in the use of the low-level call function to send Ether to an arbitrary address. call forwards all remaining gas to the recipient, which exposes the contract to reentrancy: if the to address is a contract, its receive hook can execute a large amount of code, including calling back into the vulnerable contract and withdrawing more Ether than it should.

Tools Used

vscode

Recommendations

To resolve this issue, you should replace the low-level call function with the high-level transfer function. The transfer function only forwards a limited amount of gas and does not expose the contract to reentrancy attacks. Here is how you can modify the code:

Replace this line:

(bool sent,) = to.call{value: netBalance}("");

with this line:

to.transfer(netBalance);

This change will make your contract more secure against reentrancy attacks. However, please note that transfer reverts the transaction if the send fails.
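The following is an added illustration written for this page; it is not DittoETH code and the contract and function names (VaultUnsafeOrder, VaultHardened, withdrawTo) are hypothetical. It shows the ordering that makes the to.call line exploitable (state updated only after the external call) next to a hardened version that keeps the low-level call but applies checks-effects-interactions and a simple mutex. The caveat a reviewer would want next to the transfer recommendation above: transfer forwards only a 2300-gas stipend, which breaks payouts to smart-contract wallets and multisigs whose receive hooks need more gas, so reordering state changes before the call plus a reentrancy guard is the fix most teams apply instead of switching to transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not DittoETH code. A hypothetical vault that tracks a
// per-user balance and pays out with a low-level call, as in the finding.

// Variant 1: the ordering that makes the low-level call dangerous.
// The external call runs BEFORE the balance is zeroed, so a contract
// recipient that calls back into withdraw() still sees its old balance.
contract VaultUnsafeOrder {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 netBalance = balances[msg.sender];
        require(netBalance > 0, "nothing to withdraw");

        // interaction before effect: this is the defect
        (bool sent,) = msg.sender.call{value: netBalance}("");
        require(sent, "send failed");

        // effect applied too late
        balances[msg.sender] = 0;
    }
}

// Variant 2: hardened. Keeps call() so recipients that need more than the
// 2300-gas stipend of transfer() still work, but zeroes the balance before
// the external call (checks-effects-interactions) and adds a mutex so a
// callback into withdrawTo() reverts.
contract VaultHardened {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Pays out to an arbitrary `to`, matching the page's to.call pattern.
    function withdrawTo(address payable to) external nonReentrant {
        uint256 netBalance = balances[msg.sender];
        require(netBalance > 0, "nothing to withdraw");

        // effect first: the balance is already zero when control leaves us
        balances[msg.sender] = 0;

        // interaction last; the guard above rejects any re-entry
        (bool sent,) = to.call{value: netBalance}("");
        require(sent, "send failed");
    }
}
```

Both contracts compile with solc 0.8.x. With VaultHardened, a recipient that re-enters withdrawTo during the call sees balances[msg.sender] == 0 and hits the nonReentrant guard, so the second withdrawal reverts and the outer call's require(sent) reports the failure.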

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
